A State-Based Characterisation of the Conflict Preorder 



Simon Ware Robi Malik 

Department of Computer Science, University of Waikato, Hamilton, New Zealand 
{siw4,robi}(§waikato . ac .nz 



This paper proposes a way to effectively compare the potential of processes to cause conflict. In discrete 
event systems theory, two concurrent systems are said to be in conflict if they can get trapped in a situ- 
ation where they are both waiting or running endlessly, forever unable to complete their common task. 
The conflict preorder is a process-algebraic pre-congruence that compares two processes based on their 
possible conflicts in combination with other processes. This paper improves on previous theoretical 
descriptions of the conflict preorder by introducing less conflicting pairs as a concrete state-based char- 
acterisation. Based on this characterisation, an effective algorithm is presented to determine whether 
two processes are related according to the conflict preorder. 



1 Introduction 



A key question in process algebra is how processes can be composed and compared An under- 

standing of what makes processes equivalent is important for several applications, ranging from com- 
parison and minimisation in model checking to program construction using abstraction and refinement. 
Several equivalence relations have been studied, most notably observation equivalence lll2l] . failures 
equivalence th, and trace equivalence [7]- Each equivalence has its own properties, making it suitable 
for particular applications and verification tasks 

This paper focuses on conflict equivalence, which compares processes based on which other pro- 
cesses they can come into conflict Jb, 14] with. Two processes are in conflict, if they can reach a state 
from which termination is no longer possible. This can be because of deadlock where neither process is 
capable of doing anything, or livelock where the system continues to run without ever terminating. 

It is difficult to reason about conflicts in a modular way. If two processes are free from conflict 
individually, they may well be involved in a conflict when running together, and vice versa jlSll . This 
makes it difficult to apply most methods of abstraction common in model checking ^ to verify systems 
to be free from conflict, and standard process-algebraic equivalences are not applicable either. 

Conflict equivalence is introduced in [1 1] as the best possible process equivalence to reason compo- 
sitionally about conflicts. Conflict equivalence is coarser than observation equivalence [120 and different 



from failures and trace equivalen ce llZll - The process-algebraic theory most closely related to conflict 
equivalence i?, fair testing ||2, 13, Il5ll. The essential difference between conflict equivalence and fair 
testing lies in the capability to compare processes that exhibit blocking behaviour, as expressed by the 
set of certain conflicts |0,[l3^ HI- 
In fi, 



161 11711 . various conflict-preserving rewrite rules are used to simplify processes and check 



whether or not large systems of concurrent finite-state automata are free from conflict. While of good 
use in practice, the rewrite rules are incomplete, and it remains an open question how processes can be 
normalised or compared for conflict equivalence. 

This paper improves on previous results about conflict equivalence and the associated conflict pre- 
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order 111 111 , and fair testing Ill5l1 . by providing a state-based characterisation of the conflict preorder. It 
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proposes less conflicting pairs as a more concrete way to compare processes for their conflicting be- 
haviour than the abstract test-based characterisation using nonconflicting completions in Ull] and the 
refusal trees of [15]. Less conflicting pairs give a means to directly compare processes based on their 
reachable state sets, which leads to an alternative algorithm to test the conflict preorder. While still linear 
exponential, this algorithm is simpler and has better time complexity than the decision procedure for fair 



In the following. Section |2] briefly reviews the needed terminology of languages, automata, and 
conflict equivalence. Then Section [3] introduces less conflicting pairs and shows how they can be used 
to describe certain conflicts and the conflict preorder. Afterwards, Section |4] proposes an algorithm to 
calculate less conflicting pairs for finite-state automata, and Section |5] adds some concluding remarks. 

2 Preliminaries 

2.1 Languages and Automata 

Event sequences and languages are a simple means to describe process behaviours. Their basic building 
blocks are events, which are taken from a finite alphabet Z. Two special events are used, the silent event T 
and the termination event ft). These are never included in an alphabet £ unless mentioned explicitly. 

£* denotes the set of all finite traces of the form ai 02 • • • CJ„ of events from £, including the empty 
trace e. The length of trace s is denoted by 1^1 . A subset L C £* is called a language. The concatenation 
of two traces s,t ^H* is written as st, and a trace s is called a prefix of t, written s Qt, if t = su for some 
trace u. A language L C £* is prefix-closed, if s £ L and rQs implies r € L. 

In this paper, process behaviour is modelled using nondeterministic labelled transitions systems or 
automata A = (£, 2, — )■, 2°)> where £ is a finite alphabet of events, 2 is a set of states, — > C g x (Z U 
{t,(o}) X 2 is the state transition relation, and 2° ^ 2 is the set of initial states. The automaton A is 
called finite-state if its state set Q is finite. 

The transition relation is written in infix notation x y, and is extended to traces by letting x ^ x 
for all X G 2, and x ^ j if x A z A j for some z € 2- The transition relation must satisfy the additional 
requirement that, whenever x —>y, there does not exist any outgoing transition from y. The automaton A 
is called deterministic if |2°| < 1 and the transition relation contains no transitions labelled T, and if 
x-^yi and x A j2 always implies yi =y2- 

To support silent transitions, x =^ j, with s € (ZU {ftj})*, denotes the existence of a trace f E (ZU 
{ftj, t})* such that x A and s is obtained from t by deleting all T events. For a state set X C 2 and 
a state y £Q, the expression X ^y denotes the existence of x € X such that x ^y, and A^y means 
that 2° =^ 3'- Furthermore, x^y denotes the existence of a trace s such that x^y, and x denotes the 
existence of a state y G 2 such that x ^y. For a state, state set, or automaton X, the language and the 
marked language are 



Every prefix-closed language L is recognised by an automaton A such that L(A) = L, but only regular 
languages are recognised by a finite-state automaton 

When two automata are running in parallel, lock-step synchronisation in the style of [7] is used. The 

synchronous composition of A = (Z^, 2^) ~^a' 2a) and B = {Lg, Q^, — s-^, 2g) is 



testing lIlSll . 



L(X) = {sG (IU{ftj}) 



X=^} and L"(X) = L(X)nr*ft) . 



(1) 



A II B = (Ia U Ib, 2a X 2b, ^, Ql X 2b) 



(2) 
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Figure 1 : Examples of blocking and nonblocking automata. 
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where 



{xa.xb) a [jA^yB) if € (Ia nlfi) U {w}, xa Ja, and xg Jb \ 



{xa,xb) a {yA,XB) if a G {La\Lb) U {t} and ;ca Aa Ja ; 
(xa,-^b) {xA,yB) ifoe {Lb\La)U{t} andxB ^bJb ■ 

In synchronous composition, shared events (including ft)) must be executed by all automata together, 
while events used by only one of the composed automata and silent (t) events are executed independently. 

2.2 Conflict Equivalence 

The key liveness property in supervisory control theory flT] is the nonblocking property. Given an 
automaton A, it is desirable that every trace in L(A) can be completed to a trace in L®(A), otherwise A 
may become unable to terminate. A process that may become unable to terminate is called blocking. 
This concept becomes more interesting when multiple processes are running in parallel — in this case the 
term conflicting is used instead. 

Definition 1. An automaton A = (£, Q,^,Q°) is nonblocking if for every state x G Q, Q° ^ x implies 
that Lf (jc) 7^ 0. Otherwise A is blocking. Two automata A and B are nonconflicting if A 1 1 B is nonblocking, 
otherwise they are conflicting. 

Example 1. Automaton Aq in Figure [T] is nonblocking, as it is always possible to reach state c?2 and 
terminate. Automaton Bq on the other hand is blocking, because it can enter state ^3 after execution of 
ttjS, from where it is no longer possible to reach a state where the termination event (O is enabled. 

For an automaton to be nonblocking, it is enough that a terminal state can be reached from every 
reachable state. There is no requirement for termination to be guaranteed. For example, automaton Aq 
in Figure [U is nonblocking despite the presence of a possibly infinite loop of a-transitions in state qq. 



Nonblocking is also different from "may"-testing jlSll . which only requires the possibility of termination 



from the initial state. The testing semantics most similar to nonblocking is "should"-testing, which is 
also known as fair testing [15]. 

To reason about nonblocking in a compositional way, the notion of conflict equivalence is developed 



in mm . According to process-algebraic testing theory, two automata are considered as equivalent if they 
both respond in the same way to all tests of a certain type |4]. For conflict equivalence, a test is an 
arbitrary automaton, and the response is the observation whether or not the test is conflicting with the 
automaton in question. 

Definition 2. Let A and B be two automata. A is less conflicting than B, written A <conf B, if, for every 
automaton T, if B j| T is nonblocking then A\\T also is nonblocking. A and B are conflict equivalent, 
A ~conf B, if A <conf B and B <conf A. 

Example 2. Consider automata Ai and Bi in Figured A\ is not less conflicting than B\, since Ai || Ti is 
blocking while B\ \\ Ti is nonblocking. This is because Ai || Ti can enter the blocking state {a2,qi) after 
executing of a, whereas after executing a in Bi, it eventually becomes possible to continue using either 
the j8- or /-transition of T\. It can also be shown that Bi <conf ^^i does not hold. 
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Figure 2: Two automata that are not conflict equivalent. 



The properties of the conflict preorder <conf and of conflict equivalence and their relationship to other 
process-algebraic relations are studied in jllll . It is enough to consider deterministic tests in Definition [2l 



and conflict equivalence is is the coarsest possible congruence with respect to synchronous composition 
that respects blocking, making it an ideal equivalence for use in compositional verification 



compos 



2.3 The Set of Certain Conflicts 

Every automaton can be associated with a language of certain conflicts, which plays an important role in 
conflict semantics |@]. 

Definition 3. For an automaton A = (£, 2 , — > , 2° ) , write 

Conf(A) = { 5 g £* I For every automaton T such that 7 A || T is blocking } ; (3) 
NConf(A) = {s € r* I There exists an automaton T such that T =4> and A || T is nonblocking } . (4) 

Conf(A) is the set of certain conflicts of A. It contains all traces that, when possible in the environ- 
ment, necessarily cause blocking. Its complement NConf(A) is the most general behaviour of processes 
that are to be nonconflicting with A. If A is nonblocking, then Conf(A) = and NConf(A) = £*, be- 
cause in this case A\\U is nonblocking, where ?7 is a deterministic automaton such that L®(?7) = r*G). 
The set of certain conflicts becomes more interesting for blocking automata. 

Example 3. Consider again automaton So in Figure [T] Clearly ajS G Conf(Bo) as Bq can enter the 
deadlock state bi, by executing ajS, and therefore every test T that can execute ajS is conflicting with Bq. 
But also a S Conf(5o), because Bq can enter state b2 by executing a, from where the only possibility 
to terminate is by executing jSft). So any test that can execute a also needs to be able to execute aj3 if it 
is to be nonconflicting with Bq, but such a test is conflicting with Bq as explained above. It can be shown 
thatCoNF(Bo) = «£*. 

The set of certain conflicts is introduced in |@], and its properties and its relationship to conflict 
equivalence are studied in [11]. Even if an automaton is nondeterministic, its set of certain conflicts is a 
language, but as shown in Example[3l it is not necessarily a subset of the language L(A) of its automaton. 
If a trace 5 is a trace of certain conflicts, then so is any extension st. An algorithm to compute the set of 
certain conflicts for a given finite-state automaton is presented in jioll . 

Certain conflicts constitute the main difference between conflict equivalence and/a/r testing ^l^. 
In fair testing, processes are not allowed to synchronise on the termination event ft), so termination is 
determined solely by the test. This can be expressed as conflict equivalence by requiring that CO be 
enabled in all states of the automata compared jllll . 

Conversely, it is possible to factor out certain conflicts from any given automaton, by redirecting all 
traces of certain conflicts to a single state 10, ES- For example, automaton Bq in Figure[T]can be replaced 
by the conflict equivalent automaton Bq, which uses the single deadlock state _L. Two automata A and B 
are conflict equivalent if and only if their normalised forms A' and B' are fair testing equivalent. The 
decision procedure for fair testing jlSH can be used to test the conflict preorder, and vice versa. 
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Figure 3: Two automata that are conflict equivalent. 



3 Characterising the Conflict Preorder 

This section is concerned about characterising two automata A and B as conflict equivalent, or charac- 
terising A as less conflicting than B, in a state-based way. First, 13.11 explains the crucial properties of 
conflict equivalence using examples. Less conflicting pairs are introduced in 13.21 and they are used to 
characterise certain conflicts in [33] and the conflict preorder in l3.4l 



3.1 Understanding Conflict Equivalence 

Every reachable state of an automaton A carries a nonblocking requirement (also known as a noncon- 
flicting completion ul\\ ) that needs to be satisfied by tests that are to be nonconflicting with A. For 
example, if A ^ xa, then every test T that can execute s needs to be able to continue with at least one 
trace t Gl^lx^), ot T is conflicting with A. An automaton A is less conflicting than another automaton B, 
if every nonblocking requirement associated with A also is a nonblocking requirement associated with B. 

Example 4. Consider again automata Ai and Bi in Figure |2l They have the same marked languages. 
Thus, if the initial state ao of Ai is blocking in combination with some test T, then so is the initial 
state bo of B^. But this is not the case when Ai || T enters a state (ai ,xt) after execution of a. State ai 
requires xt to be capable of performing at least one ti^ace from the language I^{ai) = {aa)*pO) + 
{aa)* ayco, whereas the states b\ and b2, which can both be entered after executing a, require a trace 
from the language a*pco and a*Y(0, respectively. Both of these languages contain traces outside of the 
language LP(<3i). Automaton Ti in Figure|2]is in conflict with Ai but not with Bi. 

In general, it is not enough to compare only the marked languages of states reached by equal traces. 
Not every nonblocking requirements is a marked language of some state of its automaton. The following 
example shows one of the problems. 

Example 5. Consider automata A2 and B2 in Figure |3] The marked language of the initial state of A2 
is lF{ao) = aa^co, while the marked languages of the two states in B2 that can be entered initially are 
^{ba) = a*(0 and L®(fti ) = a+w. Although the marked languages are different, for any automaton T, if 
B2 II 7" is nonblocking, then A2 || T must also be nonblocking. If T is to be nonconflicting in combination 
with B2, since B2 may initially enter state bi, there must be the possibility to continue with event a. 
However, after executing a, automaton B2 may again silently enter state bi, which means that a must 
be possible again. This is enough to ensure that A2 || T is nonblocking. Using this argument, it can be 
shown that A2 and B2 are conflict equivalent. 



3.2 Less Conflicting Pairs 

In order to compare two nondeterministic automata according to conflicts, it is necessary to identify sets 
of states the two automata may reach under the same input. This is done using the well-known subset 
construction ^ . To capture termination, the usual powerset state space is extended by a special state CO 
entered only after termination. 
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Definition 4. The deterministic state space of automaton A = (Z, 2 , — )• , 2° ) is 

!2f = 2eu{«}, (5) 

and the deterministic transition function 5^^' : Q'^^^ x (£□{&)}) — 2'^^' for A is defined as 

5^^\X,a) = h . ifa = «andX^; 

I {)' £ 2 I ^ ^3'}i otherwise. 

The deterministic transition function 5^^^ is extended to traces s £ L* UL* co in the standard way. 
Note that d^^^{X,s) is defined for every trace s G Z* U £*G); if none of the states in X accepts the trace s, 
this is indicated by d^^\X,s) = 0. This is also true for termination: if CO is enabled in some state in X, 
then (o) = (O, otherwise co) = 0. 

In order to compare two automata A and B with respect to possible conflicts, pairs of state sets of the 
subset construction of A and B need to be considered. Therefore, the deterministic transition function is 
also applied to pairs X = {Xa,Xb) of state sets Xa Q Qa and Xb C Qb, 

5i%X,s) = 5i%{XA,XB,s) = {5i'\XA,s),5i'\XB,s)) . (7) 

To determine whether A <conf 5> it is necessary to check all states xa G Qa against matching state 
sets Xb C Qb and determine whether all possible conflicts of xa are also present in Xb- For example, 
when automaton A2 in Figure |3] is in state ai, then B2 may be in bo or bi. In state ai, at least one of 
the traces in a+ft) needs to be enabled to avert blocking, and the same requirement to avert blocking is 
seen in state bi. When state ai is entered with some test T, blocking occurs if none of the traces in oc+co 
is enabled, and such a test T is also blocking when combined with a system that may be in b^ or bi. 
Therefore, a\ is considered in the following as less conflicting (LC) than {bQ,b\}. 

It cannot always be determined directly whether a state xa G Qa is less conflicting than a state set 
Xb C Qb. In some cases, it is necessary also to consider the deterministic successors of xa and Xb- 
Therefore, the following definition considers pairs {Xa,Xb) of state sets. 

Definition 5. Let A = (I, Qa,^a^Qa) and B = (I, Q^, ^g, Q%) be automata. The set LC(A,B) C Q^et ^ 
Q'^^ of less conflicting pairs for A and B is inductively defined by 

LC°(A,B) = {(o} X Qf^ U { {Xa,Xb) \ Xb'ZQb and there exists xb € Xb with L^ixB) = 0} ; (8) 

LC"+^(A,B) = { {Xa,Xb) I there exists xb G Xb such that for all t G I*, if xb then there (9) 
exists rQt(0 such that 5^%{XA,XB,r) G LC'(A,5) for some i<n} ; 

LC(A,B) = IJ LC"(A,B) . (10) 

Remark 1. If {Xa,Xb) ^ LC(A,B), then according to I©, for every state xb G Xb, there exists t G T* 
such that Xb and 5'^^\Xa,Xb, r) ^ LC(A,B) for all prefixes r □ tco. 

The idea of Definition [5] is to classify a pair {Xa,Xb) as less conflicting, if the marked language 
of Xa is a nonconflicting completion flT] for the process with initial states Xb- That is, every test that 
is nonconflicting in combination with each of the states in Xb can terminate with at least one trace from 
the marked language of Xa- Or conversely, every test that cannot terminate using any of the traces in the 
marked language of Xa also is conflicting with Xb (see Lemma[T]below). 
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The first state set of a pair {Xa,Xb) is just used to represent a language of possible completions. 
If state sets Xa and Ya have the same languages, then all pairs {Xa,Xb) and {Ya,Xb) have exactly the 
same less conflicting status. For the second state set Xb on the other hand, the complete nondeterministic 
behaviour is relevant. 

A pair {co,Xb) is considered as "less conflicting" since termination has already been achieved 
in A. If Xb contains a state xb such that IP{xb) = 0, then {Xa,Xb) also is less conflicting ([8]), because con- 
flict is guaranteed in Xb- For other pairs {Xa,Xb), it must be checked whether Xb contains a requirement 
to avert blocking matching that given by the language of 

Example 6. Consider again automata Aq and Bq in Figure [T] It holds that ({ao}, {^o}) £ LC' (Ao,Bo)- 
There are three ways to terminate from bo, by executing co or ajSft) or aa^co. All three traces are 
possible in ao, each taking the pair {{ao},{bo}) to the deterministic successor {(0,(o) € LC"(Ao,Bo)- 
This is enough to confirm that ^ is satisfied. 

On the other hand, {{ao},{b2}) ^ LC'(Ao,Bo)- From state ao, blocking occurs with a test T that 

can only execute p(0, but this test is nonblocking with ^2- It holds that b2 where trace jSco has the 
prefixes e, jS, and pco, but 5^fi,^{{ao} , {b2} , e) = ({ao},{^2}) ^ LCO(Ao,Bo), d^fj,^{{ao} , {bi} , P) = 
(©,{^4}) ^LC°(Ao,Bo),and5^^=|5^({ao},{^2},j8w) = (0,w) ^LC''(Ao,Bo)- Therefore, © is not satis- 
fied and {{ao},{b2}) ^LC'(Ao,Bo)- It can also be shown that ({fl;o},{^2}) ^LC(Ao,Bo)- 

For a level-1 less conflicting pair {Xa,Xb) € LC' {A,B), if Xb does not contain blocking states, then 
there must exist a state xb G Xb such that Lf (xb) C LP(Xa). This is not the case for every less conflicting 
pair, as some nonblocking requirements are only implicitly contained in the automaton. To show that 
{Xa,Xb) is a less conflicting pair, it is enough to find a state in xb € Xb that can cover an initial segment 
of ^"(X^), as long as a less conflicting pair of a lower level is reached afterwards. 
Example 7. Consider again automata A2 and B2 in Figure [3] By definition, (ft), ft)) € LC°(A2,B2)> and 
following from this, {{ai},{bo,bi}) € LC'(A2,B2)> because the marked language of ai is a+ftj, which 
also is the marked language of bi. 

Now consider the pair ({ao}, {^Oj^i})- State ao has the marked language aa+ftj, i.e., to avert block- 
ing from ao, a test must be able to execute at least one of the traces in aa+ftj. Although this language is 
not directly associated with any state in B2, the nonblocking requirement is implicitly present in state bi. 
If blocking is to be averted from state bi, event a must be possible. After executing a, state bo is entered, 
from where it is always possible to silently return to state bi with marked language a+ftj. Therefore, in 
order to avert blocking from state bi, it is necessary to execute a and afterwards be able to terminate 
using one of the traces in a+ftj. This amounts to the implicit nonblocking requirement to execute a trace 
from aa+ftj in state bi. 

Therefore ({ao}, {^0,^1}) ^ LC^(A2,B2), but ({ao}, {^^0,^1}) G LC^(A2,B2) according to Q: ev- 
ery trace that leads to a terminal state from state bi has the prefix a, and 5^fg^{{ao},{bo,bi},a) = 
{{ai},{bo,bi}) eLC\A2,B2). 

As shown in the example, some nonblocking requirements have to be constructed using a saturation 
operation that combines two previously found nonblocking requirements. The level « of a less conflicting 
pair {Xa,Xb) € LC"(A,B) represents the nesting depth of applications of this saturation operation. 

The following two lemmas relate the state-based definition of less conflicting pairs to possible tests 
and thus to the conflict preorder. A pair {Xa,Xb) is a less conflicting pair, if every test T such that 
L^'iXA) n L®(r) = also is conflicting with Xg. 

Lemma 1. Let A = {L,Q^,^^,Ql), B = {•L,Qs,^s,Q°s), and T = {•L,Qj~,^j,Q°j) be automata, and 
let XT G 2r be a (possibly unreachable) state. For every less conflicting pair (Xa,Xb) G LC(A,S), at least 
one of the following conditions holds. 



Simon Ware and Robi Malik 



41 



(i) Xa = CO, or Q Qa and there exists € X^ such that IS^{xa,xt) ^ 0. 

(ii) There exist states xg € Xg, Jb £ Qb, and yj G such that {xb,xt) =^ (jSiyr) and L?'(yB,y7') = 0. 
(Here and in the following, notation \?{xa,xj) is abused to be a shorthand for \?{{xa,xj)).) 

Proof. As is a less conflicting pair, it holds that {Xa,Xb) G LC"(A,B) for some n G Nq. The 

claim is shown by induction on n. 

If {Xa,Xb) G LC°(A,S) then by ^ it holds that = (O, or Xb C Qb and there exists ;cb G Xb such 
that L'*^(;cb) = 0. In the first case (Ql holds, and in the second case (El) holds as {xb^xj) A (xb,X7) and 

l.^'ixB.XT) = \?{xB)r\\?{xT) = 0. 

Now assume the claim holds for all / < n, i.e., for all {Xa,Xb) G LC'(A,B), one of the conditions 
© or dnil holds, and consider {Xa,Xb) G LC"^'(A,B). By there exists xb G such that for aU 
t G r*, if Xfi ^ then there exists a prefix r □ fou such that d^^g{XA,XB,r) G LC'(A,B) for some / < n. If 
\^{xb,xt) = 0, (El) follows immediately as {xb,xt) A (xB,xr). Therefore assume that \S^{xb,xt) 7^ 0, 
i.e., there exists t G S* such that (x^jXr) Then xb so there exists r □ such that r) G 

LC'(A,B) for some / < «. As r C t(0 and xj- it also holds that xj Jt for some yj G Qt- Let 
5^%{XA,XB,r) = {Ya,Yb). By inductive assumption, (Q) or (El) holds for {Ya,Yb) G LC(A,B) and 3^7. 

(0) In this case, either Ya = (0, or Ya ^ Qa and there exists ja G }a and m G £* such that (jaj^t-) If 
Ya = ft), then 5^^\XA,r) =Ya = CO and according to Definition HI there exists G S* such that r = r^ftJ, 
and there exist states xa G Xa and G Qa such that x^i =4 i-S-. (-"^A^-fr) ==^- If there exists yA G Ya 
and M G Z* such that (jaiJt) =^> then since r) = Ya, there exists xa G Xa such that xa =>yA, i-e-> 

(xAiXr) ^ (3'Ai3'r) In both cases, (0) holds for {Xa,Xb) and xy. 

(El) If there exists a state yB G such that {yB^yr) =^ {zb,Zt) where JJ^{zb,Zt) = 0, then since 
6g^^{XB,r) = Yb, there exists xb G Xb such that xb Jb, which implies (xB,xr) ^ (yBjJr) ^ {zb-,Zt) 
with Lf (zb , Zr ) = 0- Thus, (El) holds for (Xa , Xb ) and xj- . □ 

Conversely, if a pair of state sets is not a less conflicting pair for A and B, then this pair gives rise to 
a test automaton to show that A is not less conflicting than B. This test exhibits blocking behaviour in 
combination with A but not with B. 

Lemma 2. Let A = (I, 2a' ~^A' 2a) ^"^^ ^ = 2b> ^B' 2b) be automata. For every pair X — (Xa ,Xb) ^ 
LC(A,B), there exists a deterministic automaton Tx = (T.,Qj,^j,{xj}) such that both the following 
conditions hold. 

(i) For all states xa G Xa, it holds that L'*'(x^,x^) = 0. 

(ii) For all states xb G Xb, yB G 2b, Jt G 2r such that (xg,x^) =^ (jbjJt"), it holds that \?{yB,yT) / 0- 
Proof. Construct the deterministic automaton Tx = (Z, Qj,^j,{xj}) such that 

L(rx) = {5 G r urftj I 5^5(X,r) ^ LC(A,B) for aU r □ 5} . (11) 

This language is prefix-closed by construction and nonempty because X ^ LC(A,B). Therefore, Tx is a 
well-defined automaton. 

(0) Let Xa G Xa. If xa ^ for some f G £*, then 5^;=^(X,?ftj) = {oo,Yb) G LC"(A,S) C LC(A,B) for 

some G Q^*^' by Definition jH and |5l It follows from ([HI) that tco ^'L{Tx), and thus (xa,x^) ^ does 
not hold. Since f G S* was chosen arbitrarily, it follows that L®(x^,x^) = 0. 
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© Let xb G Xb, Jb G Qb, Jt G Qt, and * G Z* such that {xb-,Xj) =4> {yB,yT)- Clearly s G L(rx), 
and by (dB it follows that 5^fB(X,r) ^ LC(A,B) for all prefixes rQs. Let ^^^^(X,^) = Y. Then Y ^ 

LC(A,S), so there exists a trace t G I* such that ^ and for all r □ f it holds that 5^^^(Y,r) ^ LC(A,B) 
(see Remark[T]l. Thus jcg ^ vb =^ and for all prefixes u C if ft), it holds that 5^'^^(X,m) ^ LC(A,B). Then 
stco G L(rx) according to ([TT]) . and since Tx is deterministic, it follows thaty^ Therefore, (jsjjr) 
i.e.,-L^{yB,yT)^D. □ 

3.3 Less Conflicting Pairs and Certain Conflicts 

Less conflicting pairs can be used to characterise the set of certain conflicts of an automaton as defined 
in 12.31 This shows the close hnk between the conflict preorder and the set of certain conflicts. If a 
pair (0,X5) is a less conflicting pair then, since termination is impossible from 0, conflict must be also 
present in Xb- In this case, every trace leading to Xb must be a trace of certain conflicts. This observation 
leads to the following alternative characterisation of the set of certain conflicts. 

Theorem 3. The set of certain conflicts of B = (£,2,^,2°) can also be written as 

Conf(B) = el* I (0,5^^=' (2°.^)) GLC(0,B) for some prefix r C ^ } , (12) 
where O = (£,0,0,0) stands for the empty automaton. 

Proof. First let 5 G I* such that (0, 5f\Q°,r)) G LC(0,B) for some r □ 5, and let T = (I, Qj,^t^Qt) 
be an automaton such that T It is to be shown that B || 7 is blocking. Since T ^ and r C 5, it holds 
that T ^xt for some state xt G Qt- Since (0,5^'='(e°,r)) G LC(0,B), either © or ^ in Lemma [T] 
holds. However, ^ is impossible as the first state set of the pair is empty, so ^ must be true. Thus, there 
exists a state x G 8b^^{Q° ,r) such that {x,xt) =^ {y,yT) where U^{y,yT) = 0. Then B || T is blocking as 

B\\T ^{x,XT)^{y,yT). 

Conversely, let seL* such that (0,5^'='(e°,r)) ^ LC(6>,B) for every prefix rQs. It is to be shown 
that s G NConf(B). Consider the deterministic automaton T such that 

L(r) = {f Gl* I (0,5^"'(e°,r)) ^LC(0,B)forallrCf} . (13) 

r is a well-defined automaton as L(r) is prefix-closed by construction. It remains to be shown that 
II r is nonblocking. Let B || T =4> {x,xt). Then t G L(r), and by definition of T (fT3l ). it holds that 
(0, ^ LC(6>,B), and the same holds for ah prefixes of t. Also x G 5^''\Q°,t), so there exists 
a trace m G £* such that x =^, and for every prefix r □ u(0, it holds that 5^%{(d,5i^\Q° ,t),r) ^ LC{0,B) 
(see Remark [Hi. By definition ([T3] ). it follows that tu(0 G L(r), and since T is deterministic also xj 
Therefore, B\\T^ {x,xt) i.e., B || T is nonblocking. □ 

The result of Theorem [3] shows how less conflicting pairs generalise certain conflicts for the case 
when two automata are compared, and in combination with the algorithm in Section IH less conflicting 
pairs lead to an alternative presentation of the algorithm LIQI to compute the set of certain conflicts. 

3.4 Testing the Conflict Preorder 

Given the less conflicting pairs for two automata A and B, it is possible to determine whether A <conf B. 
Automaton A is less conflicting than B if every test T that is nonconflicting in combination with B also is 
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nonconflicting with A. To check this condition, it is enough to consider traces B\\T ^ {xb,xt), and check 
whether termination is also possible for every state xa of A such that A\\T ^ {xa,xt). This amounts to 
checking whether {{xa},Xb) G LC(A,B) when A 4>;ca and 5g''\QB,s) =Xb. 

However, this condition does not apply to traces of certain conflicts. If s £ Conf(B), then every 
test T that can execute s is in conflict with B. In this case, A can still be less conflicting than B, no 
matter whether A can or cannot execute the trace s and terminate afterwards. This observation leads to 
the following result. 

Theorem 4. Let A = {L,Q^,—)-^,Q^) and B = {L,Qg,—^g,Qg) be two automata. A is less conflicting 
than B if and only if for aU s € NConf(B) and all xa G Qa such that A^XAit holds that {{xa},Xb) G 
LC(A,S), where di'\Q°B,s) =Xb. 

Proof. First assume that for all 5 G N C ONF (B) and all xa G Qa such that A^XAit holds that ( {xa } , Xg ) G 
LC(A,B), where d^''\Ql,s) = Xb- Let T = (I, Qj,^j,Qj) such that B || T is nonblocking, and assume 
that A II r 4> {xa,xt). Since B || T is nonblocking and T it follows that s G NConf(B). Therefore 
by assumption {{xa}-,Xb) G LC(A,B), so (Qi or (Inl) in Lemma[T]must be true. However, (HD) cannot hold, 
because for all xb £Xb = 5b^^{Q°,s) it holds that B\\T ^ {xb,xt), and since B || T is nonblocking, there 
cannot exist any state (jsjjr) such that {xb,xt) =^ {yB^yr) and lP{yB,yT) = 0- Thus, (Ql must be true, 
and this means that 1^{xa,xt) / 0. Since T and s such that A\\T ^ {xa,xt) were chosen arbitrarily, it 
follows that A <conf B. 

Second assume that there exists s G NConf(B) and xa G Qa such that A 4> xa and X = {{xa},Xb) ^ 
LC(A,B), where Xb = 5g^^{QB,s). Let Nb = (£, Qfj, — {x%}) be a deterministic recogniser of the lan- 
guage NConf(B), and let Tx = )-j.,{x^}) be the deterministic automaton that exists according 
to Lemma|2] Since s G NConf(B), there exists a unique state Xg G Qn such that Nb A x^. Then construct 
the automaton 

r = (I,ewUer,^yvU^rU{(x„T,x^)},{x^}) . (14) 

Clearly, A || T 4> {xa,Xs) A (x^,Xy), and L®(x^,x^) = by Lemma [2] ([ill. Thus, A || T is blocking. 

On the other hand, B || T is nonblocking. To see this, consider B\\T =k- (yB^yr)- If yr G Qn, then 
it follows from the fact that B || A^^ is nonblocking [ i ll] that there exists m G S* such that (yB^yr) 
Otherwise yx G Qt, which means that t = su and 7 A x, A x^ A yj. Also since B =4> jb, it follows that 
yB G = 8'^'\Q°bM = 5i'\5i''{Q°B,s),u) = 5i''\XB,u), i.e., there exists xb G Xb such that 

•ffi =^3'B- Thus {xg,Xj) =4> (3'B,3'r), and by Lemma [H®, it holds that l^^yBjyr) / 0- 

Thus, A II r is blocking and B || T is nonblocking, so A <conf B cannot hold. □ 

Example 8. Consider again automata Aq and Bq in Figure [T] Recall that Conf(Bo) = aL* from Ex- 
ample [3l so the only state in Aq that can be reached by a trace s ^ Conf(Bo) is oq. Therefore, it is 
enough to check the pair ({ao}, {^0}) according to Theorem [H and it has been shown in Example [6l that 
{{ao},{bo}) G LC'(Ao,Bo). It follows that Aq ^conf So- This conclusion is made despite the fact that 
{{ao},{b2}) ^ LC(Ao,Bo), because ({ao},{^2}) is only reachable by traces a" G Conf(Bo), n>2. 

When using Theorem [H to determine whether an automaton A is less conflicting than some blocking 
automaton B, the set of certain conflicts of B must be known first. This can be achieved using Theorem [3l 
which makes it possible to classify state sets in the subset construction of B as certain conflicts. If a state 
setXg C Qb is found to represent certain conflicts, i.e., {®,Xb) G LC(C?,B) according to Theorem[3l then 
{Xa,Xb) G LC(A,B) for every state set Xa ^ Qa. Successors reached only from such pairs are also certain 
conflicts of B and should not be considered when testing whether A <conf B according to Theorem [4l 
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Figure 4: Less conflicting pairs for the automata pairs in Figure |2] and |3] 

Example 9. Consider again automata A i and Bi in Figure |2] Composing A] with a deterministic version 
of Bi results in the following four pairs of states in A[ and sets of states in Bi that should be tested 
according to Theorem |4] to determine whether A i <conf 

{{ao},{bo}) {{ai},{bub2}) (K}, {^i ,^2}) {{asjdh}) ■ (15) 

All four pairs need to be considered as Bi is nonblocking and thus Conf(Bi) = 0. 

The graph to the left in Figure |4] shows these four pairs and their deterministic successors. The four 
pairs (15]) are marked as initial states, and the arrows in the graph represent the deterministic transition 
function. Although the deterministic transition function is defined for all state set pairs and events, arrows 
to (0,0) are suppressed for clarity of presentation. 

The following less conflicting pairs to compare Ai to B\ are determined from the graph: 

(w,w) eLC°(Ai,Bi) ; (16) 
({ao},{^o}), {{aiMdbiM}), ({a3},{^3}) GLCHAi,Bi) . (17) 

For example, ({ai ,a2}, {^1 ,^2}) G LC^ (Ai,Bi), because all the ways to reach termination from state bi, 
i.e., all traces in V{bi) = a*^co take the pair ({ai ,a2}, {Z^i ,^72}) to (ft), ft)) G LC^(A\,B{). No further 
pairs are found in LC^(Ai,Bi), so LC(Ai,Si) consists only of the pairs listed above. For example, 
{{ai},{b\,b2}) ^ LC^(Ai,Bi), because the traces ajSftJ G l?{bi) and yco G l^{b2) do not have any 
prefixes that reach a pair in LC ' (A 1 , B 1 ) . 

As ({<3i }, {^1 ,^2}) ^ LC(Ai,Bi), it follows from Theorem |4] that A\ is not less conflicting than B\. 

Example 10. Consider again automata A2 and B2 in Figure |3] Again note that Conf(B2) = 0- By 
composing A2 with a deterministic version of B2, it becomes clear that the only pairs that need to be 
tested to determine whether A2 ^conf B2 according to Theorem |4] are ({ao}, {^0,^1}) reached after e, 
{{a\},{bQ,b\]) reached after a+, and ({a2}i {^0,^1}) reached after aa+. 

The graph with these pairs and their deterministic successors is shown to the right in Figure HI with 
the three crucial pairs marked as initial. The following less conflicting pairs are discovered (see Exam- 
plelTl): 

(ftj,ftj) glc"(A2,B2) ; (18) 

({ai}, {^0,^1}), {{ai,a2},{baM}), ({a2},{^o,^i}) G LC^(A2,B2) ; (19) 

({ao},{^o,^i}) GLC2(A2,B2) . (20) 

As the three crucial pairs are all in LC(A2,B2)> it follows from Theorem |4] that A2 <conf B2. 
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The result of Theorem |4] is related to the decision procedure for fair testing lllSh . The fair testing 
decision procedure starts by composing the automaton A with a determinised form of B, which gives 
rise to the same state set combinations that need to be considered as in Theorem IH From this point 
on, the two methods differ. The fair testing decision procedure annotates each state of the synchronous 
product of A and the determinised form of B with automata representing the associated refusal trees, 
and searches for matching automata (or more precisely, for matching productive subautomata) within 
these annotations. The method based on less conflicting pairs avoids some of the resulting complexity by 
performing the complete decision on the flat state space of the synchronous product of the determinised 
forms of A and B. 



4 Algorithm to Compute Less Conflicting Pairs 

This section proposes a method to effectively compute the less conflicting pairs for two given finite-state 
automata A and B. This is done in a nested iteration. Assuming that the set LC"(A,B) is already known, 
the set LC"^'(A,B) is computed in a secondary iteration based on more conflicting triples. 

Definition 6. Let A = (1,2^,^^,2^) and B = {L,Qjj,^g,Ql) be automata. The set MC"(A,B) C 
Q'a^ X Q'^^^ X Qg of n^^ level more conflicting triples for A and B is defined inductively as follows. 

{i(d,(0,XB)\xBeQB} ; (21) 

{(Xa,Xb,xb) I (Xa,Xb) ^LC"(A,B) and G and there exists (YA,YB,yB) G (22) 
MCl{A,B) and C7 e E such that d^%{XA,XB, o) = (YaJb) and ^ } ; 

U MC;;(A,B) . (23) 

m>0 

For a pair {Xa,Xb) to be a less conflicting pair, according to Definition|5]there must be a state xb G Xb 
such that every trace that takes xg to termination in B has a prefix that leads to another less conflicting 
pair. A triple {Xa,Xb,xb) is considered "more conflicting" if {Xa,Xb) is not yet known to be a less 
conflicting pair, and the state xg G Xb cannot be used to confirm the above property. Therefore, Lemma|5] 
shows that a triple {Xa,Xb,xb) is «*-level "more conflicting" if and only if the state xb G Xb can reach 
termination without passing through a pair in LC". 

If {Xa,Xb,xb) is "more conflicting" for all xg G Xb, then the pair {Xa,Xb) cannot be a less conflicting 
pair. Otherwise, if there exists at least one state xg G Xb such that {Xa,Xb,xb) is not "more conflicting", 
then {Xa,Xb) is added to set of less conflicting pairs in the next iteration. Theorem |6]below confirms the 
correctness of this approach. 

Lemma 5. Let A = (1,2^,^^,2^) andB = {'L,Qg,^g,Q°g) be automata, let n G No and {Xa,Xb,xb) G 
Q'a^ X Qg^^ X Qg. The following statements are equivalent. 

(i) (Xa,Xb,xb) gMC"(A,B); 

(ii) There exists a trace s G L*(0\j{e} such that d^%{XA,XB,s) = (0,G)) andxg 4>, and 5^%{XA,XB,r) ^ 
LC" (A , B) for all prefixes rQs. 

Proof. First let {Xa,Xb,xb) G MC"(A,B), i.e., {Xa,Xb,xb) G MC",(A,B) for some m G No. It is shown 
by induction on m that ^ holds. 

In the base case, m = 0, and by definition {Xa,Xb,xb) G MCo(A,B) means that {Xa,Xb) = (0,ft)). 
Then consider s = e, and note 5^%{XA,XB,e) = {Xa,Xb) = (0, (o) and xg =l>. Clearly r □ £ implies r = e, 
and 5^%{XA,XB,e) = (0, w) ^ LC(A,S) D LC"(A,B) by Lemma[I] 



MCUA,B} = 
MC:;+i(A,B) = 

MC"(A,B) = 
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({flo},{feo.fel},fol) a {M,{l>oM},bi) {{ai,a2},{bo,bi},bi){{a2}AboM},bi) 



{{a2}.{bo,bi},bo) 




Figure 5: Calculating more conflicting triples for automata A2 and B2 in Figured 



Now consider {Xa,Xb,xb) G MC;;,+i (A,B). It follows from Definition [6] that {Xa,Xb) i LCiA.B) 
and xb G Xb, and there exists (I^ , Yb.Jb) e MC;;,(A,B) and a G I such that ^^^(Xa,^^, a) = (Fa,Jb) and 

■^B =^3'B- By inductive assumption, there exists a trace s G r*ajU{£} such that 5^'^^(Fa,Jb,^) = (0, &>) and 
^ , and for all r C 5 it holds that (7^ , , ^ LC" (A , B) . Then (Xa , , a^) = 5^^ (Fa , is , ^) = 
(0, w) and =^ jb ^, and for all r □ it holds that 5^5(Xa,Xb, r) ^ LC"(A,B). 

Conversely, let 5 G I*ft)U{e} such that © holds. This means that 5^g(XA,XB,5) = (0, ft)) andjc^ 4>, 
and 5^g(XA,Xg,r) ^ LC"(A,B) for all r C. s. It is shown by induction on m = \s\ that {Xa,Xb,xb) G 

Mc:;,(A,fi)- 

In the base case, m = and s = e, it holds by definition that {Xa,Xb) = 5^^^{XA,XB,e) = (0,G)) G 
MCS(A,B). 

Now let s = at such that |?| = m, and 5^%{Xa,Xb,s) = (0,ft)) and xb and Sj'KXAjXfijr) ^ 
LC"(A,5) for all prefixes r Q s. Write 5^%{Xa,Xb,g) = {Ya,Yb) and xb 4> 4>. Then yB 4> and 
5^f^(7A,FB,0 = di%iXA,XB,at) = 5^'siXA,XB,s) = (0,«) and di%iYA,YB,r) i LC"(A,S) for all r □ 
Then (Ja,Fb, je) G MCJ5,(A,S) by inductive assumption, and by Definition[6]it follows that (Xa,Xb,xb) G 
MC«+i(A,B). □ 

Theorem 6. Let A = (I, Ga' 2a) ^^d B = (I, gg, -^b^Q°b) be automata, and let « G Nq. Then 

LC"+nA,B) = { (Xa,Xb) G X I (Xa,Xb,xb) ^ MC"(A,B) for some X5 G X5 } . (24) 

Proo/ Let (Xa,Xb) G LC"+1(A,B). Then by Definition [51 there exists xb G Xb such that for all t G I* 
such that Xb there exists r C f« such that 5^'^^(XA,XB,r) G LC'(A,B) for some / < n. Equivalently, 

this means that there does not exist a trace f G £* such that xb =^ and for all prefixes r C fo) it holds that 
5^%{XA,XB,r) ^ LC"(A,B). Then (Xa,Xb,xb) ^ MC"(A,B) because otherwise such a trace would exist 
by Lemma [5] 

Conversely, let xb G Xb such that (Xa,Xb,xb) ^ MC"(A,B). To check the condition in Defini- 
tion [5] Q, consider t G £* such that xb Then clearly d^^^{XB,t(o) = CO. By Definition IH it holds 
that either 5f\XA,t(o) = (O or 5f^\XA,t(o) = 0. If 5^^\XA,t(o) = (O, then 5^%{XA,XB,t(o) = {(0,(o) G 
LC°(A,B). Otherwise 5^''\XA,t(o) = and thus 5^%{XA,XB,t(o) = (fi,(o), and by Lemma[5]there must 
exist rQtco such that 5^3(^A,XB,r) G LC"(A,B) as otherwise {Xa,Xb,xb) G MC"(A,B). In both cases, 
5^^g{XA,XB,r) G LC'(A,B) for some rQt(0 and / < n. Since f G £* with xg ^ was chosen arbitrarily, it 
follows from Definition [5] Q that (Xa,Xb) G LC"+' (A,B). □ 

Example 11. Figure [5] shows a graph representing the more conflicting triples to check whether A2 <conf 
B2 in Figure [3i The arrows in the graph represent the deterministic transition function in combination 
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with the transition relation of B2. An arrow {Xa,Xb,xb) A {YA,YB,yB) indicates that 5^fg^{XA,XB,<j) = 
(YaJb) and XB^yB- 

In the first iteration to compute MC°(A2,B2), first the triple (0,a),^a)) is added to MC{5(A2,B2)- 
Next, the triples ({ao}, {^0)^i}i^o) and {{ai},{bo,bi},bQ) are added to MC'j'(A2,B2) as they can im- 
mediately reach {<l),co,bco)- Finally, ({flo},{^0)^i}5^i) is also added to MC2(A2,B2) as it reaches 
{{ai},{bo,bi},bQ) G MC?(A2,B2)- No further triples are found to be in MC3(A2,B2)- Therefore, 
{{ai},{bQ,bi},bi) ^ MC*'(A2,S2), so it follows from Theorem [6] that ({ai}, {^0,^1}) G LC'(A2,B2), 
and likewise {{ai,a2},{bo,bi}), ({^2}, {^0,^1}) GLC'(A2,B2)- 

In the next iteration to compute MC^(A2,S2), note that {{ai},{bo,bi},bQ) ^ MC} (A2,-B2) because 
{{ai},{bo,bi}) G LC^(A2,B2)- Still, ({ao},{^o,^i},^()) € MC}(A2,B2) because of the transition to 
(0,w,Z7a,) G MCi(A2,S2), but {{ao},{bo,bi}M) ^ MC^(A2,B2) because now {{ai},{bo,bi},bo) ^ 
MC|(A2,B2)- Accordingly, the pair ({ao}, {^0,^1}) is added to LC^(A2,B2)- 

In a final iteration to compute MC^(A2,S2), only one more conflicting triple is found, {<l),(0,b(o) G 
MCg(A2,B2)- No further pairs are added in LC^(A2,B2)- At this point, the iteration terminates, having 
found exactly the four less conflicting pairs given in Example [TOl ([T9l ) and (l20l ). 

To determine whether an automaton A is less conflicting than automaton B, it is first needed to 
determine the set of certain conflicts of B, and then to find all the state-set pairs for A and B that are 
reachable from a pair like {{xa},Xb) associated with some trace that is not a certain conflict of B. The 
more conflicting triples can be constructed as they are discovered during the backwards search from the 
terminal states. 

The complexity of each iteration of the more conflicting triples computation is determined by the 
number of arrows in the graph, which is bounded by |r| • \Qb\^ ■ 2'^"' • 2^^'^^, because the powerset transi- 
tions are deterministic, which is not the case for the transitions of B. Each iteration except the last adds 
at least one less conflicting pair, so the number of iterations is bounded by l'^"' .2l2'il. The complexity 
of this loop dominates all other tasks of the computation. Therefore, the worst-case time complexity to 
determine whether A <conf B using less conflicting pairs is 

0(111 -iGfiP -412^' •4l2'^i) = 0(|iHeBp-22ieAl+2iesl) . (25) 

This shows that the conflict preorder can be tested in linear exponential time, as it is the case for the fair 
testing preorder. Yet, the complexity (1251 ) is better than the time complexity of the decision procedure 
for fair testing, which is 0{\Qa\ • IQ^I • 2^l2Al+5|eBl) 

5 Conclusions 

Less conflicting pairs provide a concrete state-based means to characterise the extent by which one pro- 
cess is or is not less conflicting than another. The characterisation generalises and includes previous 
results about certain conflicts, and it gives rise to a direct way to test the conflict preorder and the related 
fair testing preorder by inspecting sets of reachable states. Based on the characterisation, an effective 
algorithm is presented to test whether a finite-state automaton is less conflicting than another. The al- 
gorithm, while still linear exponential, has better time complexity than the previously known decision 
procedure for fair testing. 

In the future, the authors would like to apply the theoretic results of this paper to compute abstrac- 
tions and improve the performance of compositional model checking algorithms. The more thorough 
understanding of the conflict preorder will make it possible to better simplify processes with respect to 
conflict equivalence and other related liveness properties. 
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